Message #25016
Re: Swift tempurl
I had a similar problem. See [1]. The fix was to add delay_auth_decision = 1 in the proxy-server.conf:

[filter:authtoken]
...
delay_auth_decision = 1

-Shri

[1] https://answers.launchpad.net/swift/+question/225614

On Wed, Jul 10, 2013 at 4:43 AM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
> I've been looking at tempurl.py and found that the problem occurs here:
>
> def _get_key(self, env, account):
>     """
>     Returns the X-Account-Meta-Temp-URL-Key header value for the
>     account, or None if none is set.
>
>     :param env: The WSGI environment for the request.
>     :param account: Account str.
>     :returns: X-Account-Meta-Temp-URL-Key str value, or None.
>     """
>     key = None
>     memcache = env.get('swift.cache')
>     if memcache:
>         key = memcache.get('temp-url-key/%s' % account)
>     if not key:
>         newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
>                                      self.agent)
>         newenv['CONTENT_LENGTH'] = '0'
>         newenv['wsgi.input'] = StringIO('')
>         key = [None]
>
>         def _start_response(status, response_headers, exc_info=None):
>             for h, v in response_headers:
>                 if h.lower() == 'x-account-meta-temp-url-key':
>                     key[0] = v
>
>         i = iter(self.app(newenv, _start_response))
>         self.logger.info()
>         try:
>             i.next()
>         except StopIteration:
>             pass
>         key = key[0]
>         if key and memcache:
>             memcache.set('temp-url-key/%s' % account, key, timeout=60)
>     return key
>
> The request gets a 403 Forbidden and thus never gets the key in the first
> place. I'm looking at the GitHub repo and the implementation there seems to
> have changed.
>
>
> Mvh / Best regards
> Morten Møller Riis
> Gigahost ApS
> mmr@xxxxxxxxxxx
>
>
>
>
> On Jul 10, 2013, at 6:24 PM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
>
> I'm having trouble getting tempurl to work.
>
> I set the "X-Account-Meta-Temp-Url-Key" metadata on the account. And a GET
> request shows it's set correctly.
>
> I've enabled it on the proxy server in /etc/swift/proxy-server.conf:
>
> [DEFAULT]
> bind_port = 8080
> workers = 8
> user = swift
>
> [pipeline:main]
> pipeline = healthcheck cache tempurl swauth proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:tempurl]
> use = egg:swift#tempurl
>
> [filter:swauth]
> use = egg:swauth#swauth
> set log_name = swauth
> super_admin_key = <removed>
> default_swift_cluster = gigahost#https://<url>/v1#http://localhost:8080/v1
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:cache]
> use = egg:swift#memcache
> memcache_servers = 127.0.0.1:11211
>
> When creating the tempurls, even using the swift-temp-url program, I get:
>
> ~ $ curl -i "https://<url>/v1/AUTH_224b1001-2c75-444c-aaef-30af13b9154c/000/206.pdf?temp_url_sig=387d79120a591e1cf6f4d4356f5c0a96fb49d202&temp_url_expires=1373438360"
> HTTP/1.1 401 Unauthorized
> Server: nginx
> Date: Wed, 10 Jul 2013 08:21:32 GMT
> Content-Type: text/plain
> Content-Length: 35
> Connection: keep-alive
>
> 401 Unauthorized: Temp URL invalid
>
> I've even tried running it locally on the proxy-server to localhost:8080,
> so I'm sure it's not nginx doing any funny stuff.
>
> Does anybody have any suggestions? I'm pretty lost :(
>
>
> Mvh / Best regards
> Morten Møller Riis
> Gigahost ApS
> mmr@xxxxxxxxxxx
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
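An added example, not part of the messages above and not Swift's own code: an offline check that separates a bad signature from a failed key lookup, the case described in the thread where the internal HEAD gets 403 and _get_key() returns None. It assumes Swift's tempurl signature is a hex HMAC-SHA1 over "METHOD\nEXPIRES\nPATH"; the key, the account name and the two lookup functions are constructed for illustration.

```python
import hmac
import time
from hashlib import sha1

# Constructed sample values; only the expiry is taken from the curl call above.
KEY = "constructed-temp-url-key"
PATH = "/v1/AUTH_example/000/206.pdf"
EXPIRES = 1373438360
NOW = EXPIRES - 600           # pretend the request arrives 10 minutes earlier


def sign_temp_url(key, method, path, expires):
    """Hex HMAC-SHA1 over "METHOD\\nEXPIRES\\nPATH" (40 hex characters)."""
    body = "%s\n%d\n%s" % (method.upper(), expires, path)
    return hmac.new(key.encode(), body.encode(), sha1).hexdigest()


def check_temp_url(get_key, method, path, sig, expires, now=None):
    """Return (ok, reason). The reason is for the operator's log; the
    client in the thread only saw a generic 401."""
    now = int(time.time()) if now is None else now
    if expires < now:
        return False, "expired"
    account = path.split("/")[2]          # /v1/<account>/<container>/<object>
    key = get_key(account)                # stands in for _get_key()
    if not key:
        return False, "no key for account"
    expected = sign_temp_url(key, method, path, expires)
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return False, "signature mismatch"
    return True, "ok"


def key_found(account):
    return KEY            # the internal HEAD returned the metadata header


def key_lookup_denied(account):
    return None           # the internal HEAD got 403, so no header was seen


if __name__ == "__main__":
    sig = sign_temp_url(KEY, "GET", PATH, EXPIRES)
    for lookup in (key_found, key_lookup_denied):
        print(lookup.__name__,
              check_temp_url(lookup, "GET", PATH, sig, EXPIRES, NOW))
```

A correctly signed URL is still rejected when the lookup returns nothing, so logging the reason on the proxy side shows whether to look at the signing step or at the middleware pipeline.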